This is an automated email from the git hooks/post-receive script.
mreynolds pushed a commit to branch master
in repository 389-ds-base.
commit 2086d052e338ddcbcf6bd3222617991641573a12
Author: Mark Reynolds <mreynolds(a)redhat.com>
Date: Thu Oct 26 10:03:39 2017 -0400
Ticket 48894 - harden valueset_array_to_sorted_quick valueset
access
Description: It's possible during the sorting of a valueset to access an
array element past the allocated size, and also go below the index 0.
https://pagure.io/389-ds-base/issue/48894
Reviewed by: nweiderm (Thanks!)
---
ldap/servers/slapd/valueset.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/ldap/servers/slapd/valueset.c b/ldap/servers/slapd/valueset.c
index dc03607..14ebc48 100644
--- a/ldap/servers/slapd/valueset.c
+++ b/ldap/servers/slapd/valueset.c
@@ -1019,11 +1019,11 @@ valueset_array_to_sorted_quick(const Slapi_Attr *a, Slapi_ValueSet
*vs, size_t l
while (1) {
do {
i++;
- } while (valueset_value_cmp(a, vs->va[vs->sorted[i]], vs->va[pivot])
< 0);
+ } while (i < vs->max && valueset_value_cmp(a,
vs->va[vs->sorted[i]], vs->va[pivot]) < 0);
do {
j--;
- } while (valueset_value_cmp(a, vs->va[vs->sorted[j]], vs->va[pivot])
> 0);
+ } while (valueset_value_cmp(a, vs->va[vs->sorted[j]], vs->va[pivot])
> 0 && j > 0);
if (i >= j) {
break;
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.